SPAM

What is spam?

When not referring to the tasty potted meat product, spam is unsolicited junk email sent indiscriminately in bulk, often for commercial purposes. Much of it is sent by botnets, networks of virus-infected computers, complicating the process of tracking down the spammers. According to various estimates, about 80% of all email in the world may be spam.

What is "phishing"?

Phishing is the practice of tricking users into giving up their usernames, passwords, credit card numbers and other personal information. Phishing emails often try to get you to click on links that take you to fake websites, and they often pretend to be from organizations such as a bank, PayPal, Amazon or even Stanford.

Recent Stanford-targeting phishing scams have been improving their disguises—but always be cautious. Stanford will never ask you for your passwords, and you should never give them out, not even to tech support!

Why am I getting spam from myself?

Spammers are adept at forging the origin of their messages, and it is relatively easy to forge the "FROM" address on an email, just as it would be easy to write anyone's return address on an envelope. If you get a message that claims to be from you, it might be spoofing rather than originating from your email account; it doesn't necessarily mean you've been hacked.

Because of a forged "FROM" address, you might also be getting bounced-email notifications about emails you never sent. Again, this doesn't necessarily mean a hacker has real access to your account, just that a spammer was hiding behind your email address.

On the other hand, cracking passwords for free email sites (Hotmail, etc.), or other sites with weak security, is an easy way in for hackers. Now might be a good time to change your password — be sure to pick a strong password for all your email accounts, and remember: your SUNetID password should be different from every other password you have.

What should I do about spam?

If an email is obviously spam (pills, replica watches or enhancements, anyone?) or probably spam (obviously poor attempts to impersonate a business or an individual), you should just delete it.

Sometimes, though, it's hard to tell: scams are becoming ever more sophisticated and specifically targeted. Even an email that seems to come from a familiar source could still be fake. Before you click on a link in ANY email, hover the mouse over a link first and check to make sure the target matches the real URL or website — or, visit the institution's website by typing in their URL on your own. If the email seems to be from someone you know, check with that person before responding to the message.